Tutorials - Disabling restore

Summary: Information on disabling the restore utility when infected objects are in the restore database.
Updated: 20th March 2002
Author: Matt Ham
Company: Virus Bulletin

Procedure

The Restore utility is designed to retain a copy of important system files so that these can be extracted to replace any files deleted. Unfortunately, many anti-virus products cannot delete or disinfect files in the System Restore area (usually C:\_Restore), and these files can become infected.

In order to remove this source of infection the System Restore feature must be disabled, the files removed and then System Restore may be re-enabled. To do this the following procedure should be followed:

  • Right-click on the My Computer icon.
  • Select Properties and then the Performance tab.
  • Select File System and the Troubleshooting tab.
  • Select the option 'Disable System Restore'.
  • Select Apply and then Close twice. The System Restart prompt will appear.
  • Restart the computer.

The restarted machine will now have a C:\_Restore folder which can be disinfected or the files within it can be deleted or moved as desired.

In order to restore the System Restore function, the above process should be followed once more, with step four being reversed.


Poll

Are you still running IE 6?
Yes, on my machine at work
Yes, on my home machine
Yes, on both work and home machines
No, I use a newer version of IE
No, I use a different browser

Leave a comment

Jobs Recruit Sidebar

Virus Bulletin

In this month's magazine:
  • Social networking meets social engineering
  • Flying solo
  • Geneva convention
  • 7th German Anti Spam Summit 2009
  • Anti-phishing landing page: turning a 404 into a teachable moment
  • An update on spamming botnets: are we losing the war?
  • Windows Server 2008 Standard Edition SP2 x86
Virus Bulletin 10 2009
Subscribe now!
Virus Bulletin currently has 187,822 registered users.